# Exploit Title: SQL Monitor - Cross-Site Scripting (XSS)   
# Date: [12/21/2022 02:07:23 AM UTC]  
# Exploit Author: []  
# Vendor Homepage: []  
# Software Link: []  
# Version: [SQL Monitor]  
# Tested on: [Windows OS]  
# CVE : [CVE-2022-47870]  
Cross Site Scripting (XSS) in the web SQL monitor login page in Redgate  
SQL Monitor allows remote attackers to inject arbitrary web  
Script or HTML via the returnUrl parameter.  
[Affected Component] affected returnUrl in  
affected A tag under span with "redirect-timeout" id value  
[CVE Impact]  
disclosure of the user's session cookie, allowing an attacker to  
hijack the user's session and take over the account.  
[Attack Vectors]  
to exploit the vulnerability, someone must click on the malicious A  
HTML tag under span with "redirect-timeout" id value